1.6 The Cyclic Assessment Approach

Assessment of large networks in particular can become a highly
cyclic process when you are testing an organization's networks
blind and are given minimal information. As you test the network,
information leak bugs can be abused to find different types of useful
information (including trusted domain names, IP address blocks, and
user account details) that is then fed back into other processes.
Figure 1-2's flowchart defines this approach and the data being passed
between processes.

Figure 1-2. The cyclic approach to network security assessment

This flowchart starts with network enumeration, then bulk network
scanning, and finally specific service assessment. For example, by
assessing a rogue non-authoritative DNS service an analyst may
identify previously unknown IP address blocks, which can be fed back
into the network enumeration process to identify further network
components. In the same way, an analyst may enumerate a number of
account usernames by exploiting public folder information leak
vulnerabilities in Microsoft Outlook Web Access, which can then be fed
into a brute-force password grinding process later on.